Kusto 时间序列过滤器
Kusto time series filter
我正在尝试为以下数据编写基于时间序列的过滤器。
S.No Name. Version. Time
1. Dashboard 20 Apr-01
2. Search 20 Apr-02
3. Dashboard 21 May-01
4. Search 20 May-02
5. Search 21 May-03
6. Dashboard 22 Jun-01
7. Search 20 Jun-02
8. Search 22 Jun 02
9. Dashboard 23 Jun-05
10. Search 21 Jun-06
11. Search 20 Jun-06
我看到的过滤器是一个两步过滤器。
第 1 步 -(子集):
捕获版本的仪表板的首次出现时间。考虑这些是我们的发布日期。我们需要找到新版本发布后发生的旧版本搜索事件的计数。这里的版本号可能不是连续的。
Name. Version. Time
Dashboard 20 Apr-01
Dashboard 21 May-01
Dashboard 22 Jun-01
Dashboard 23 Jun-05
需要实际输出:版本20的搜索条目数,发生在版本21发布后(5月01日样本)等等...(版本21的搜索条目,版本发布后22 ... )
Outliers Version Count
Search 20 3 //4, 7, 11th rows
Search 21 1 //10th row
Search 22 0 //Should be avoided in the output if possible.
在SQL中,我们曾经编写ctes来实现这个结果集。我是 kusto 的新手,不知道如何编写子查询或临时查询..
有人可以帮我解决这个问题吗?
你可以尝试这样的事情:
datatable(series:int, Name:string, Version:long, Time:datetime)
[
1, 'Dashboard', 20, datetime(2020-04-01),
2, 'Search', 20, datetime(2020-04-02),
3, 'Dashboard', 21, datetime(2020-05-01),
4, 'Search', 20, datetime(2020-05-02),
5, 'Search', 21, datetime(2020-05-03),
6, 'Dashboard', 22, datetime(2020-06-01),
7, 'Search', 20, datetime(2020-06-02),
8, 'Search', 22, datetime(2020-06-02),
9, 'Dashboard', 23, datetime(2020-06-05),
10, 'Search', 21, datetime(2020-06-06),
11, 'Search', 20, datetime(2020-06-06),
]
| as T
| where Name == "Dashboard"
| summarize min(Time) by Version = Version - 1, Name
| join kind=leftouter(
T
| where Name != "Dashboard"
| extend Version = Version
) on Version
| where Time > min_Time
| summarize count(), series = strcat_array(make_set(series), ", ") by Outlier = Name1, Version
-->
| Outlier | Version | count_ | series |
|---------|---------|--------|----------|
| Search | 20 | 3 | 4, 7, 11 |
| Search | 21 | 1 | 10 |
感谢 Yoni。
修改为 prev 而不是版本 - 1。
| summarize ReleaseDate = min(Time) by cV = Version, Name
| sort by ReleaseDate asc
| extend Version = prev(cV)
| join kind=leftouter(
T
| where Name != "Dashboard"
| extend Version = Version
) on Version
| where Time > ReleaseDate
| summarize count(), series = strcat_array(make_set(series), ", ") by Outlier = Name1, Version
我正在尝试为以下数据编写基于时间序列的过滤器。
S.No Name. Version. Time
1. Dashboard 20 Apr-01
2. Search 20 Apr-02
3. Dashboard 21 May-01
4. Search 20 May-02
5. Search 21 May-03
6. Dashboard 22 Jun-01
7. Search 20 Jun-02
8. Search 22 Jun 02
9. Dashboard 23 Jun-05
10. Search 21 Jun-06
11. Search 20 Jun-06
我看到的过滤器是一个两步过滤器。
第 1 步 -(子集): 捕获版本的仪表板的首次出现时间。考虑这些是我们的发布日期。我们需要找到新版本发布后发生的旧版本搜索事件的计数。这里的版本号可能不是连续的。
Name. Version. Time
Dashboard 20 Apr-01
Dashboard 21 May-01
Dashboard 22 Jun-01
Dashboard 23 Jun-05
需要实际输出:版本20的搜索条目数,发生在版本21发布后(5月01日样本)等等...(版本21的搜索条目,版本发布后22 ... )
Outliers Version Count
Search 20 3 //4, 7, 11th rows
Search 21 1 //10th row
Search 22 0 //Should be avoided in the output if possible.
在SQL中,我们曾经编写ctes来实现这个结果集。我是 kusto 的新手,不知道如何编写子查询或临时查询..
有人可以帮我解决这个问题吗?
你可以尝试这样的事情:
datatable(series:int, Name:string, Version:long, Time:datetime)
[
1, 'Dashboard', 20, datetime(2020-04-01),
2, 'Search', 20, datetime(2020-04-02),
3, 'Dashboard', 21, datetime(2020-05-01),
4, 'Search', 20, datetime(2020-05-02),
5, 'Search', 21, datetime(2020-05-03),
6, 'Dashboard', 22, datetime(2020-06-01),
7, 'Search', 20, datetime(2020-06-02),
8, 'Search', 22, datetime(2020-06-02),
9, 'Dashboard', 23, datetime(2020-06-05),
10, 'Search', 21, datetime(2020-06-06),
11, 'Search', 20, datetime(2020-06-06),
]
| as T
| where Name == "Dashboard"
| summarize min(Time) by Version = Version - 1, Name
| join kind=leftouter(
T
| where Name != "Dashboard"
| extend Version = Version
) on Version
| where Time > min_Time
| summarize count(), series = strcat_array(make_set(series), ", ") by Outlier = Name1, Version
-->
| Outlier | Version | count_ | series |
|---------|---------|--------|----------|
| Search | 20 | 3 | 4, 7, 11 |
| Search | 21 | 1 | 10 |
感谢 Yoni。 修改为 prev 而不是版本 - 1。
| summarize ReleaseDate = min(Time) by cV = Version, Name
| sort by ReleaseDate asc
| extend Version = prev(cV)
| join kind=leftouter(
T
| where Name != "Dashboard"
| extend Version = Version
) on Version
| where Time > ReleaseDate
| summarize count(), series = strcat_array(make_set(series), ", ") by Outlier = Name1, Version